Thursday, May 7, 2009

Netlog and dubious invites

Many users have received invites to join the Netlog social networking website.

Netlog fetches e-mail addresses from other services' address books during its sign-up process. An unsuspecting user is asked to enter the user names and passwords for the other services that s/he uses, and Netlog then automatically acquires all the e-mail addresses from the user's accounts in almost any of the popular services s/he uses.

All reputable services (such as those from Google and Microsoft) strongly advise their users, in their terms of service documents and elsewhere, not to divulge their user names and passwords to others. This means not only other people, but also other websites.

The only Wikipedia entry currently containing information about the sign-up process is in the Russian Wikipedia.

Remedies

Change your services' alternate e-mail addresses

Before you change your accounts' passwords (which you subsequently have to remember anyway), make sure that the alternate (other/secondary) e-mail address in the account settings of each relevant service is yours and only yours. If it has been changed to an address that isn't yours, or is blank (which is less likely to mean the account is compromised and more likely to mean you never entered an alternate address), change it back to your default alternate e-mail address. Do this for all the services that you use, in fairly quick succession.

Change your passwords

Only after changing the alternate e-mail addresses and confirming them (if the relevant services' systems require that), change your passwords. Remember to note the passwords down somewhere for quick memorization, and be careful how you type them, because passwords are always case-sensitive.

The same account information pages also facilitate changing your passwords. Again, please be careful and diligent when doing this.

Delete information and apologize

In your Netlog account, delete (or change to something untrue) any personally identifiable information and post an apology. Anyone who receives the dubious invite spam e-mail and then dares to click on the profile visitation link should see your apology and learn that you did not actually intend to use the service.

Before you join any social networking service, ask the person who allegedly sent the invitation whether s/he really sent it. If not, then the invite is dubious and you should not join the service. If you do want to join a service, make sure that it's run by a reputable company, such as Microsoft or Google. AOL, Yahoo, Facebook and MySpace are also good.